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About this Guide 


Thank you for your interest in our revolutionary new Qualys Cloud Agent Platform. This 
new platform extends the Qualys Cloud Platform to continuously assess global IT 
infrastructure and applications using hghtweight agents. All you have to do is install 
agents on your IT assets. We'll help you get started quickly! 


About Qualys 


Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud-based security and 
compliance solutions. The Qualys Cloud Platform and its integrated apps help businesses 
simplify security operations and lower the cost of compliance by delivering critical 
security intelligence on demand and automating the full spectrum of auditing, 
compliance and protection for IT systems and web applications. 


Founded in 1999, Qualys has established strategic partnerships with leading managed 
service providers and consulting organizations including Accenture, BT, Cognizant 
Technology Solutions, Deutsche Telekom, Fujitsu, HCL, HP Enterprise, IBM, Infosys, NTT, 
Optiv, SecureWorks, Tata Communications, Verizon and Wipro. The company is also a 
founding member of the Cloud Security Alliance (CSA). For more information, please visit 
www.qualys.com 


Qualys Support 


Qualys is committed to providing you with the most thorough support. Through online 
documentation, telephone help, and direct email support, Qualys ensures that your 
questions will be answered in the fastest time possible. We support you 7 days a week, 
24 hours a day. Access support information at www.qualys.com/support/ 
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Get Started 


With Qualys Cloud Agent you'll get continuous network security updates through the 
cloud. As soon as changes are discovered on your hosts they’ll be assessed and you'll 
know about new security threats right away. All you have to do is install lightweight 
agents on your hosts - we'll help you do this quickly! 


Overview 


Install lightweight agents in minutes on your IT assets. These can be installed on your 
on-premise systems, dynamic cloud environments and mobile endpoints. Agents are 
centrally managed by the cloud agent platform and are self-updating (no reboot needed). 


Scanning in the Cloud We'll start syncing asset data to the cloud agent platform once 
agents are installed. Agents continuously collect metadata, beam it to the cloud agent 
platform where full assessments occur right away. Since the heavy lifting is done in the 
cloud the agent needs minimal footprint and processing on target systems. 


Stay updated with network security Scanning in the cloud uses the same signatures 
(vulnerabilities, compliance datapoints) as traditional scanning with Qualys scanners. 
You'll get informed right away about new security threats using your Qualys Cloud 
Platform applications - Vulnerability Management (VM), Policy Compliance (PC), 
Continuous Monitoring (CM), AssetView (AV) and more! 


What do | need to know? 


Here’s a few things to know before you install agents on hosts within your network. 


Get informed quickly about Qualys Cloud Agent (CA). 


Video Tutorials 
Cloud Agent Platform Introduction (2m 10 s) 
Getting Started Tutorial (4m 58s) 


Get Started 
What do I need to know? 


Cloud Agent requirements 


- We support these systems: Windows, Linux/Unix (.rpm), Linux (.deb), BSD(.txz), 
Apple Mac OSX (.pkg) 


Cloud Agent Platform Availability Matrix 


- Your hosts must be able to reach your Qualys Cloud Platform (or the Qualys Private 
Cloud Platform) over HTTPS port 443. Go to Help > About to see the URL your hosts need to 
access. 


bazi 


- To install Windows Agent you must have local administrator privileges on your hosts. 
Proxy configuration is supported 


To install Linux Agent, BSD Agent, Unix Agent, MacOS Agent you must have root 
privileges, non-root with Sudo root delegation, or non-root with sufficient privileges (VM 
scan only). Proxy configuration is supported. 


Steps to install agents 


- Create an activation key. This provides a way to group agents and bind them to your 
account. 


- Download the agent installer to your local machine. 


- Run the installer on each host from an elevated command prompt, or use group policy or 
a systems management tool. 


- Activate agents for modules in your subscription (VM, PC, FIM, EDR, PM, etc). A license 
will be consumed for each agent activated. 


Our Quick Start Guide helps you get started 


Check out our Quick Start Guide (you can go to user name menu and select this option). 
On the left you’ll see step by step instructions with links to the right places to take actions. 
On the right you'll find links to video tutorials. 


Qualys URL your hosts need to access 
The Qualys URL you use depends on the Qualys platform where your account is located. 


Refer https://www.qualys.com/platform-identification/ 


Get Started 
What do I need to know? 


Tip - You can click Cloud Agent Overview to get helpful information on requirements, 
proxy support and more. 


Cloud Agent v 


Agent Management 


Welcome to Qualys” Cloud Agent Platform 


Thank you for signing up for our revolutionary new platform that gives you continuous network security updates 
through the cloud using lightweight agents. It's easy to get started! 


Get started with these quick steps See youragents > 


dd ò D © 


Cloud Agent Overview 


Become an expert in no time. Learn how it all works, what you will need and which preliminary steps you can take. 


@ Download & Install Agents > 


This step will help you create activation keys and set up agents. Already have an activation key? 
Click here 


(2 We're Ready to Start Syncing to the Cloud! > 

Once your agents are installed they should start connecting to our cloud platform and registering themselves. We would 
expect you to see your first asset discovery results in a few minutes 

Click here to troubleshoot. 

© Change Configuration (optional) > 


You can customize the behavior of your agents by creating custom profiles 


Help w Steve King vw Log out 


Video Tutorials 


CA Platform Introduction 
2m 10s 


Getting Started Tutorial 
4m 58s 


Qualys Top Community Posts 


CA Platform Announcement 
Webcast- An Introduction to CA 
58m 


Getting Started Guide 


Looking for training? You might want to check out these options. 


Free Training 


Take a free CA self paced class 


CA video library 
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Cloud Agent Platform Availability Matrix 


For the most current list of supported cloud agents with versions and modules on the 
Qualys Cloud Platform, please refer to the following article: 


Cloud Agent Platform Availability Matrix 
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It’s easy to install agents 


It’s easy to install agents 


It just takes a couple minutes to install an agent. Our wizard will help you do it quickly! 


Help me with the steps 


Start the wizard Choose Agent Management and select Manage Activation Keys (or go to 
the Activation Keys tab). 


Cloud Agent v Hepw Ger King~ | Logout 


Agent Management 


Lal Agent Management Agents Activation Keys Configuration Profiles 


& Cloud Agent Management Do not show tutorials 


This is where you can install cloud agents on your hosts and monitor their status. 
e ni eines Click here 


d Manage Cloud Agents Manage Activation Keys 
LZ Monitor your cloud agents and get their continuously Create activation keys and install agents. An activation 


updated status, including host inventory data as well as key is required to install an agent on your host (input in 

security posture the install command line).This key can be unlimited, or 
set to expire after a number of uses or after a date has 
been reached 


Configure Agent Settings 
Customize the various settings to control agent 

tt behavior, ie. performance, resource utilization, blackout 
windows, and assign to different hosts in your network 


using tags. These can be saved as separate profiles for 
reuse. 


About | Terms of Use | Support 


Select New Key to create a new activation key. An activation key is used to install agents. 


TEE e Eee The activate key 
Agent Management provides a way 
to group agents 
TEEN GCOS Activation Keys ME ES and bind them 
S218 Zea to your account. 
aoe Select this 


0 activation keys {fv 


Activation Key Last Used Agents Created Expires Modules 


For example, 
you can create 
different keys 
for various 
business 
functions and 


No activation keys to display. Create a key or revise your search criteria. 


Already have a key? Just select a key from the list, and select Install Agent from the Quick 
Actions menu. 


Get Started 
It’s easy to install agents 


Generate a new activation key Click the Generate button. 
Give your key a 


New Activation Key Tum help tips: On| Off b meaningful 
EE name to easily 
Create a new activation key e B i 
identify it later. 
An activation key is used to install agents. This provides a way to group agents and better manage your account. By default 
this key is unlimited - it allows you to add any number of agents at any time. Why add tags? 
Title example: My New Title This helps you 


manage agents 
- we'll associate 
tags to agent 


Select | Create 


(no tags selected) 


hosts. 
Provision Key for these applications 
Your key is 
Asset Inventory as Patch Management e e 
a Activations managed by Al = PM | License limit not enforced unlimited by 
e i ; default - install 
_ VM Vulnerability Management _ PC Policy Compliance 
O License limit not enforced e License limit not enforced any number of 
Endpoint Detection and Response mm FIM File Integrity Monitoring agents at any 
O License limit not enforced = License limit not enforced time. 
o SCA Secure Config Assessment = Security Analytics S et limits if you 
— License limit not enforced = License limit not enforced 
want the key to 
O Set limits expire after a 
number of 


agents, or ona 
certain date, or 
Close Unlimited Key | Generate ) both. 


Auto activate 
agents for apps 
in your account. 
Skip this step to 
activate agents 
at a later time. 
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It’s easy to install agents 


Review requirements and click Install Instructions for the target agent host. 


Don't see all of 


| Installation Requirements $ 
| the options? 


ba ero dile Just go to Help > 
| Contact 
a Enterprise Linux Support and 


Fedora we'll help you 
ei x64 OpenSUSE Install instructions . ZO 

SUSE Enterprise Linux with this 

Amazon Linux 


Oracle Enterprise Linux guickly 


L Red Hat Enterprise Linux 
inux 


(rpm) ARM64 CentOS Install instructions 


Amazon Linux 


4 
4 
© Linux Debian 
E 
€ 


(deb) x64 Ubuntu Install instructions 

(dob) ARM64 Peer Install instructions 

H — 

Apple macOS e : 

ped SE Pan OSX Install instructions 

GA, AIK arara 
| ) (bff.gz) Power5 IBM AIX Install instructions 
6 is x64 FreeBSD Ee 


Install your agents You'll download the agent installer and run on your hosts. To run the 
installer you just copy and paste the command shown - it’s that simple. 


Depending on the OS type, you'll download respective agent installer and install the agent 
from Install Instructions. 


Few examples: 


For Linux (.rpm) ARM64, you'll click Download .rpm button to download the agent 
installer. 


For Linux (.deb) ARM64, you'll click Download .deb button to download the agent installer. 
For MacOS (.pkg) x64, you'll click Download .pkg button to download the agent installer. 


Setup proxy support Our installation guides help you with this and more options. 


Installation Guides: Windows Agent | Linux Agent | BSD Agent | Unix Agent | MacOS Agent 
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Get Started 
Installing agents in AWS 


Installing agents in AWS 


Please follow the installation steps provided at the link below. 


Learn more 
Installing Cloud Agent in AWS 


We're syncing asset data to the cloud! 


The agent immediately connects to the cloud agent platform and registers itself. We 
would expect you to see your first asset discovery results within a few minutes. This is a 
light scan that collects asset inventory data: IP address, OS, DNS/NetBIOS names, MAG 
address. 

Status messages are continuously updated. Learn more 

Be sure to Activate Agents for modules (VM/PC) or (FIM/EDR/PM/SA). Activate Agent from 
the Quick Actions menu (or do it for many agents in bulk using the Actions menu). If you 
skip this step your agents will sync inventory information only (IP address, OS, DNS and 
NetBIOS names, MAC address) and the cloud agent platform will not perform host 
assessments and report security threats. 


Dashboard Agent Management 


| 
GO Agent Management Agents MEETS eN ES 


Saved Searches + 


Search. 


KERE) | insta New Agent 


go Agent Host OS Version Last Activity ~ Last Checked In 
7 A WINTPATCHes-ssfd EE Windows 4100 Manifest Downloaded Apr 03, 2020 8:41:22 PM 
10.115.76.105, fe8 7 5 Apr 03, 2020 8:41:22 PM 
View Asset Details 
Add Tags 
Assign Config Profile 
Activate Agent 
Deactivate Agent 
Uninstall Agent 
O A Vish-Test2 7 Manifest Downloaded Jan 16, 2020 9:36:45 AM 
Heda Gue Jan 16, 2020 9:36:45 AM 


No agent status? You should see the status of your agent (on the Agents tab) a few 
minutes after installation. If there’s no status this means your agent has not been 
installed - it did not successfully connect to the cloud platform and register itself. 


There are 2 common reasons for this: 


1) The agent host cannot reach the Qualys Cloud Platform (or the Qualys Private Cloud 
Platform if this applies to you) over HTTPS port 443. Check network access and be sure to 
whitelist the platform URL listed in your account. Just go to Help > About for details. 
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2) You have a custom proxy. Our Ouick Start Guide - Cloud Agent Overview will help you 
with this quickly. 

Still need help? Keep in mind your agents must connect to the cloud platform to start 
syncing asset data to the cloud. Read our troubleshooting tips (under Help > Online Help). 


Continuous scanning in the cloud 


The first assessment scan in the cloud takes some time, after that scans complete as soon 
as new host metadata is uploaded to the platform. 


A centos74 ek Centos Linux 2.5.0.129 Inventory Scan Complete Jan 08, 2020 6:32:46 PM LEI EE EN EZ hstesttag 


Jan 08, 2020 6:32:46 PM 
tagt 


Cloud Agent 
HE! BU AI USR GRP 


IT | 2more tags 


How it works The agent sends up an upload of the baseline snapshot to the cloud agent 
platform for assessment. For the initial upload the agent collects comprehensive 
metadata about the target host (a few megabytes) and sends a baseline snapshot to the 
cloud for assessment. The status Scan Complete is reported upon success. This first scan 
typically takes 30 minutes to 2 hours using the default configuration - after that scans run 
instantly on the delta uploads (a few kilobytes each). 


The asset data the agent collects includes many things for the baseline snapshot like 
network posture, OS, open ports, installed software, registry info, what patches are 
installed, environment variables, and metadata associated with files. The agent stores a 
snapshot on the agent host to quickly determine deltas to host metadata it collects. 


What signatures are tested? Agent-based scanning uses the same signatures 
(vulnerabilities, compliance datapoints) as traditional scanning with Qualys scanners. If 
you've activated your agents for VM, we'll test for vulnerability signatures. If you ve 
activated your agents for PC we'll check for compliance datapoints. 
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Cloud Agent Cloud Provider Metadata 


Available starting with Cloud Agent Linux 1.7.0 and Cloud Agent Windows 1.6.0 releases, 
the Oualys Cloud Agent collects instance metadata from supported public cloud 
providers, including Amazon Web Services, Microsoft Azure, and Google Compute 
Platform. 

The agent collects the instance metadata from the cloud provider's instance metadata 
web services locally available from each running instance via HTTP as part of the agent's 
default inventory collection. The collected instance metadata is available in the Qualys 
AssetView module (Asset Details and new search tokens) and Asset Management API. 


Cloud Provider Instance Metadata 


The following table lists the instance metadata currently collected by the Cloud Agent for 
each cloud provider. Refer to the Cloud Agent Release Notes for additional instance 
metadata collected from public cloud providers in future versions of the Cloud Agent. 
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For AWS 

Cloud Agent Windows Cloud Agent Linux 

accountld accountld 

ami-id ami-id 

availability-zone availability-zone 

instance-id instance-id 

instance-type instance-type 

kernel-id kernel-id 

ocal-hostname ocal-hostname 

ocal-ipv4 ocal-ipv4 
network/interfaces/macs/mac/mac network/interfaces/macs/mac/mac 
network/interfaces/macs/mac/subnet-id network/interfaces/macs/mac/subnet-id 
public-hostname public-hostname 

public-ipv4 public-ipv4 

region region 


reservation-id 
security-groups 
security-groups-ids 
vpc-id 
asset.aws.ec2.availabilityZone 
asset.aws.ec2.accountld 
asset.aws.ec2.region 
asset.aws.ec2.VPCId 
asset.aws.ec2.publiclpAddress 
asset.aws.ec2.document 
asset.aws.ec2.macAddress-find 
asset.aws.ec2.instanceld 
asset.aws.ec2.kernelld 
asset.aws.ec2.macAddress 
asset.aws.ec2.hostnamePublic 
asset.aws.ec2.subnetld 
asset.aws.ec2.securityGroups 
asset.aws.ec2.reservationId 
asset.aws.ec2.instanceType 
asset.aws.ec2.securityGrouplds 
asset.aws.ec2.privatelpAddress 
asset.aws.ec2.amild 
asset.aws.ec2.hostname 


reservation-id 

security-groups 
security-groups-ids 

vpc-id 

asset.aws.ec2.instanceld 
asset.aws.ec2.instanceType 
asset.aws.ec2.privatelpAddress 
asset.aws.ec2.region 
asset.aws.ec2.kernelld 
asset.aws.ec2.availabilityZone 
asset.aws.ec2.amild 
asset.aws.ec2.accountld 
asset.aws.ec2. hostname 
asset.aws.ec2.hostnamePublic 
asset.aws.ec2.publiclpAddress 
asset.aws.ec2.macAddress 
asset.aws.ec2.reservationld 
asset.aws.ec2.ami-launch-index 
asset.aws.ec2.ami-manifest-path 
asset.aws.ec2.instance-action 
asset.aws.ec2.securityGroups 
asset.aws.ec2.VPCId 
asset.aws.ec2.securityGroupslds 
asset.aws.ec2.subnetld 
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For Azure 


Cloud Agent Windows 


Get Started 
Cloud Agent Cloud Provider Metadata 


Cloud Agent Linux 


cCompute location 
compute.name 

compute.offer 
compute.osType 
compute.publisher 
compute.resourceGroupName 
compute.subscriptionId 
compute.tags 
compute.version 
compute.vmld 
compute.vmSize 

network interface ipv4.ipaddress.privatelpAddress 
network interfaceipv4.ipaddress.publiclpAddress 
network interface ipv4.subnet.address 
network.interface.ipv6.ipaddress.ipAddress 
network.interface.macAddres 
asset.azure.vm.subnet 

asset.azure.vm.offe 
asset.azure.vm 
asset.azure.vm.subscription!Id 
asset.azure.vm.name 
asset.azure.vm.publisher 
asset.azure.vm.privatelpAddress 
asset.azure.vm.vmSize 
asset.azure.vm.publiclpAddress 
asset.azure.tags 
asset.azure.vm.version 
asset.azure.vm.ipv6 
asset.azure vm .vmiId 

asset.azure. vm .macAddress 
asset.azure.vm location 
asset.azure.vm.resourceGroupName 
asset.azure.vm.osType 


compute.location 
compute.name 

compute.offer 
compute.osType 
compute.publisher 
compute.resourceGroupName 
compute.subscriptionId 
compute.tags 
compute.version 
compute.vmld 
compute.vmSize 
network.interface.ipv4.ipaddress.privatelpAddress 
network.interface.ipv4.ipaddress.publiclIpAddress 
network.interface.ipv4.subnet.address 
network.interface.ipv6.ipaddress.ipAddress 
network.interface.macAddres 
asset.azure vm .vmld 
asset.azure vm .name 
asset.azure.vm.location 
asset.azure.vm.vmSize 
asset.azure.vm.offer 
asset.azure.vm.publisher 
asset.azure.vm.version 
asset.azure.vm.osType 
asset.azure.vm.SubscriptionId 
asset.azure.tags 
asset.azure.vm.resourceGroupName 
asset.azure.vm.subnet 
asset.azure.vm.macAddress 
asset.azure.vm.publicIpAddress 
asset.azure.vm.privatelpAddress 
asset.azure.vm.ipv6 
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For GCP 
Cloud Agent Windows Cloud Agent Linux 
instance/hostname instance/hostname 
instance/id instance/id 


instance/machine-type 

instance/network-interfaces/ 
instance/network-interfaces/0/access-configs/0/external-ip 
instance/network-interfaces/0/ip 
instance/network-interfaces/0/mac 
instance/network-interfaces/0/network 

instance/zone 
project/numeric-project-id 
project/project-id 
asset.gcp.compute.projectIdNo 
asset.gcp.compute.hostname 
asset.gcp.compute.projectDetails 
asset.gcp.compute.id-PreAggregate 
asset.gcp.compute.macAddress 
asset.gcp.compute.id 
asset.gcp.compute.publicIpAddress 
asset.gcp.compute.projectld 
asset.gcp.compute.networkInterface 
asset.gcp.compute.zone 
asset.gcp.compute.network 
asset.gcp.compute.privatelpAddress 
asset.gcp.compute.machineType 


instance/machine-type 
instance/network-interfaces/ 
instance/network-interfaces/0/access-configs/0/external-ip 
instance/network-interfaces/0/ip 
instance/network-interfaces/0/mac 
instance/network-interfaces/0/network 
instance/zone 
project/numeric-project-id 
project/project-id 

asset.gcp.compute.id 
asset.gcp.compute. hostname 
asset.gcp.compute.machineType 
asset.gcp.compute.zone 
asset.gcp.compute.publicIpAddress 
asset.gcp.compute.privatelpAddress 
asset.gcp.compute.network 
asset.gcp.compute.macAddress 
asset.gcp.compute.projectIdNo 
asset.gcp.compute.projectid 


For IBM 

Cloud Agent Windows Cloud Agent Linux 
asset.ibm.virtualServer.frontendMacAddresses asset.ibm.virtualServer location 
asset.ibm.virtualServer.backendMacAddresses asset.ibm.virtualServer.datacenterld 
asset.ibm.virtualServer.id asset.ibm.virtualServer.deviceName 
asset.ibm.virtualServer.publicIP asset.ibm.virtualServer.publicIp 
asset.ibm.virtualServer.publicVlan asset.ibm.virtualServer.privatelp 
asset.ibm.virtualServer.privateVlan asset.ibm.virtualServer.id 
asset.ibm.virtualServer.domain asset.ibm.virtualServer.domain 
asset.ibm.virtualServer.tags asset.ibm.tags 
asset.ibm.virtualServer.deviceName asset.ibm.virtualServer.publicVlan 
asset.ibm.virtualServer.location asset.ibm.virtualServer.privateVlan 
asset.ibm.virtualServer.pivateIP 

asset.ibm.virtualServer.datacenterld 

asset.ibm.virtualServer.id-PreAggregate 
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For OCI 

Cloud Agent Windows Cloud Agent Linux 
asset.oracle.compute.image asset.oracle.compute.instanceld 
asset.oracle.compute.vnic asset.oracle.compute.displayName 
asset.oracle.compute.state asset.oracle.compute.compartmentld 
asset.oracle.compute.displayName asset.oracle.compute.shape 
asset.oracle.compute.instanceld asset.oracle.compute.state 
asset.oracle.compute.compartmentld asset.oracle.compute.region 
asset.oracle.compute.timeCreated asset.oracle.compute.availabilityDomain 
asset.oracle.compute asset.oracle.compute.timeCreated 
asset.oracle.compute.definedtags asset.oracle.compute.image 
asset.oracle.compute.freeformtags asset.oracle.compute.faultDomain 
asset.oracle.compute.shape asset.oracle.compute.hostName 
asset.oracle.compute.region asset.oracle.compute.canonicalRegionName 
asset.oracle.compute.faultDomain asset.oracle.compute.definedtags 
asset.oracle.compute.availabilityDomain asset.oracle.compute.freeformtags 
asset.oracle.compute.hostname asset.oracle.compute.vnic 


asset.oracle.compute.canonicalRegionName 
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Manage Your Agents 


A quick look at your agents 


Cloud Agent v aa Help w v Log out 


Dashboard Agent Management 


& Agent Management Agents Activation Keys Configuration Profiles 


Saved Searches + Agents 


Search @ Search 4 
Install New Agent {v 

= 7 | 
go Agent Host os Version Last Activity SO Last Checked In Configuration Agent Modules Tags | 

WIN7PATCH69-85 E Microsoft Win 21134 Inventory Scan Complete 8 minutes ago Initial Profile 1 4] EO Cloud Agent 

1011576 105 fe8 8 minutes ago © 

ESO 

O WIN7X64-196-175 E Microsoft Win. 2.1.1.4 Scan Complete 7 minutes ago LCI o «as Cloud Agent 

aia Gea 14 minutes ago La 
DO Vish-Test2 © Amazon Linux 2 2.3.0.60 Scan Complete 4 minutes ago LCI o as Cloud Agent 


2311140. 600 20 minutes ago 


1 You should see status messages within a few minutes after installation. Learn more 


2 Search your agents - your agents list includes all installed agents that have 
connected to the Qualys Cloud Platform. 


3 Agent hostname - NetBIOS name for a Windows host, DNS name for a Linux host. 
You can configure the name displayed. Just select View Asset Details from the Quick 
Actions menu. 


4 Aconfiguration profile has settings that impact agent behavior. Initial Profile is the 
profile provided by our service to help you get started. Want create a profile with 
customized settings? Just go to Configuration Profiles and select New Profile. 


5 Weassign the Cloud Agent tag to agent hosts automatically. This helps you manage 
and report on you agent assets. 
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Agent Host os Version Last Activity Quick Actions menu lets 
you 
2 A TEZ d EEEa - view asset details 
View Asset Details - activate agent for various 


Add Tags assessments (VM, PC, etc) 


Assign Config Profile 


Activate Agent - uninstall agent 


Deactivate Agent 


Uninstall Agent 
| A Vish-Test2 Activate for FIM or EDR or PM or SA Manifest Downloaded 
Mr tak e Jan 16, 2020 9:36:45 AM 


aas v ertz Avent Actions menu lets you 
View Asset Details a 
Add T: Version Last Activity update multiple agents at 
ags 
once 
Assign Config Profile 
Activate Agent 
lindows 4.1.0.0 Manifest Downloaded 
Deactivate Agent Apr 03, 2020 8:41:22 PM 
Uninstall Agent 
Activate for FIM or EDR or PM or SA 
Clear selections 


A  Vish-Test2 avs Amazon Linux 2 2.5.0.17 Manifest Downloaded 
172 1 0 Jan 16, 2020 9:36:45 AM 


Tell me about agent status 


The agent status is continuously updated to keep you informed about your agent. Not 
seeing any status? Read our troubleshooting tips (under Help > Online Help). 


Provisioned 
The agent successfully connected to the cloud platform and registered itself. 


Manifest Downloaded 


= 


The cloud platform updated the manifest assigned to this agent. This tells the agent what 
metadata to collect from the host. The updated manifest was successfully downloaded 
and itis in effect for this agent. For non-Windows agents the status column shows specific 
manifest download status, such as Inventory Manifest Downloaded for inventory, and the 
following status for scans: 


VM Manifest Downloaded, PC Manifest Downloaded, FIM Manifest Downloaded, or EDR 
Manifest Downloaded. 
Configuration Downloaded 


A user updated the configuration profile assigned to this agent. This defines agent 
behavior, 1.e. how the agent will collect data from the host. The updated profile was 
successfully downloaded and it is in effect for this agent. 
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Agent Downloaded 


A new agent version was downloaded and the agent was upgraded as part of the auto- 
update process. Note the agent does not need to reboot to upgrade itself. 


Inventory Scan Complete 


The agent completed host discovery, collected some host information and sent it to the 
cloud platform. During host discovery the agent attempts to collect this information: IP 
address, OS, NetBIOS name, DNS name, MAC address. 


Scan Complete 


The agent uploaded new host metadata and an assessment was performed on the cloud 
platform. If there is new assessment data (e.g. new VM vulnerabilities, PC datapoints) the 
cloud platform processes this data to make it available in your account for viewing and 
reporting. 
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Easily view current Asset Details 


o Agent Host os Version Last Activity 


Select View Asset Details from 
MA WIN7PATCH69-85§ E Windows 41.0.0 Manifest Downloaded the menu 


10.115.76.105, tes! Apr 03, 2020 8:41:22 PM 


View Asset Details 
Add Tags 
Assign Config Profile 


| Activate Agent 
| Deactivate Agent 
| Uninstall Agent 


O A Vish-Test2 Activate for FIM or EDR or PM or SA 7 Manifest Downloaded 
172.31.11.40, 006 Jan 16, 2020 9:36:45 AM 


Asset Summary and sections that follow show you current asset data returned from the 
latest inventory scan and the latest full scan (assessment). 


101854-T450 


View Mode Asset Summary 
Asset Summary 
DE 101858 TAND Rename 
System Information E E Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 Build 7601 
LENOVO / 20BVOOODUS 

Agent Summary 
Network Inf tion Identification Activity 
Open Ports DNS Hostname: 101858 =E rre pr Last User Login CORP\ashah 

FQDN 101855 = om Last System Boot: June 15, 2017 3:55 AM 
err Gri rr NetBIOS Name 101854) miai Created On December 9, 2016 1:20 PM 

IPv4 Addresses: 10.0.200_ E Last Checked-In 24 minutes ago 1:51 PM 
Vulnerabilities IPv6 Addresses: fe80:0:0:0: 

Asset ID 429512 

Host ID: - 

Tags Last Location 


Comp_10.10.107_10_WinOnly tesboooo Cloud Agent 


Close 
SEER as) 


Drill down to the various sections to view comprehensive details returned from 
vulnerability assessments. You can view control datapoints when your account has 
Policy Compliance (PC) enabled, and alert notifications when Continuous Monitoring 
(CM) is enabled. 
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Take bulk actions on agents 


Activate, Deactivate, Uninstall multiple agents in one go! 


Select agents from your agents list, open the Actions menu and select the bulk action to 
apply. 


Actions (3) v Install New Agent 


Add Tags 


Version Last Activity 
Assign Config Profile 
Activate Agent 
Deactivate Agent B 
4.1.0.0 Manifest Downloaded | 
Assign UDC Manifest Apr 03, 2020 8:41:22 PM 
Uninstall Agent 
Activate for FIM or EDR or PM or SA 
Deactivate Agent for FIM or EDR or PM or SA 
Clear selections 
M A Vish-Test2 aes Amazon Linux 2 25.017 Manifest Downloaded 
172.31.11.40. 0:0:0 Jan 16, 2020 9:36:45 AM 
i 
EA A centos74 ei CentOS Linux... 2.5.0.129 Inventory Scan Complete 
10.0.0.6, 0:0:0:0:0 Jan 08, 2020 6:32:46 PM 


Change configuration 


Agents have a default configuration and this controls how agents behave. You can change 
agent configuration by creating configuration profiles, and change the order they are 
applied. 


@& Agent Management Agents Activation Keys Configuration Profiles 


New Profile Drag profiles to change the order in which they will be applied (2) 
Order Profile Name Created by Lasi 

@ 1 Initial Profile (Default) System Sept 

e 2 My configuraiton profile POC manager (quays_as) July 


Tip - Double click Initial Profile to view the 
default settings provided by Qualys 


Initial Profile is the default profile with configuration settings provided by Qualys. This is 
assigned to agents by default at installation time. You can easily view the profile settings. 


Profile settings impact many agent behaviors. How and when the agent collects 
metadata, when it should sync with the cloud platform, when to do self-updates, tuning 
of performance and bandwidth utilization, etc. You can create custom profiles and assign 
to hosts. 
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Change configuration 


Best Practices You might want to assign different agent configurations for different parts 
of your network infrastructure, i.e. laptops, servers, desktops, datacenters. Just tag your 
hosts according to your groupings and assign these tags to different configuration profiles. 
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Tagging agent hosts 


bazi 


assets in your subscription. 


er 


AssetView 


Manage Your Agents 
Tagging agent hosts 


The dynamic asset tagging features help you manage your agent host assets just like other 


The Cloud Agent tag is assigned to every agent host. Select this tag and you'll see the 
number of agent hosts (assets). 


Assets Tags 
Search Results New Tag 2 tev 
EI Name a Created 
Quick Filters ( Business Risk 30 Apr 2015 
5) Not in Use ( Business Units 15 Dec 2014 
In scope Bop if Cloud Agent 15 Dec 2014 
Favorite 
j { Offices 30 Apr 2015 
Color 
T] F Scanner Applcanees 30 Apr 2015 
ba f systems 30 Apr 2015 
Preview Actions v | 
Cloud Agent 
Path: Cloud Agent 
Last updated by Agent pod3 Agent pod3 (auays. ja11) | 30 Apr 2015 11:05AM GMT-0700 
Created By: System Assets Reports Users 
Created on: 15 Dec 2014 4:01PM GMT-0700 6 0 
Type: Static 
Name a Created 
Quick Filters L Business Risk 30 Apr 2015 
ETE b p [[ Business Units 15 Dec 2014 
GO egiz 
J] Favorite gpm 
Lores 
Edit 
Color 
I Scanner Appicances | Find assets | 
MG F systems 
Mark as favorite 
Add Chid Tag F 
Preview 
Cloud Agent 


Path: Cloud Aaent 


You might want to tag agent hosts to help you organize them and report on them. 


‘= AssetView 


Assets Tags 


Filters: (1) applied 


|| Asset Names 


= 10.11.65.244 


D 


10.11.65.244 |QDWIN2012R2 


L Cloud Agent { LeNick Courtot (IT Team) | || Servers 


® 10.11.65.242 
10.11.65.242 |QDWIN2012R2 


| Corporate Headquarters | Steven Franchise (Compliance Team) 


E ©& 10.11.65.122 
10.11.65.122 |QAGWK12R203 


( Seven Franchise (Compliance Team) | ff Cloud Agent 


Add tags 


F Medium 


Clear Filters | w Show Filters 


(| Page 1\of1 | >| | Z Displaying 1-6 of 6 
Operating System Modules 


Microsoft Windows Server 2012 R2 Standard 6.3.9600 ... (Pc | Ee 


Microsoft Windows Server 2012 R2 Standard 6.3.9600 ... 


{ Cloud Agent | Add tags 


Microsoft Windows Server 2012 R2 Standard 6.3.9600 ... 


Add tags 
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Looking for agent files? 


The agent is centrally managed by the cloud platform. For this reason you should not edit 
or execute the agent files installed on your hosts - we list these here for your information. 
For help with troubleshooting you might want to review the log files. 


What's included? Program files, the manifest (instructions for what data the agent 
collects), configuration (how the agent behaves), snapshot database and log files. 


Windows Agent 


C:\Program Files (x86)\QualysAgent\Qualys\QualysCloudAgent.exe 
C:\Program Files (x86)\QualysAgent\Qualys\Uninstall.exe 
C:\ProgramData\Qualys\QualysAgent\* 

Log files (Log.txt, Archive.txt) are located here: 
C:\ProgramData\Qualys\QualysAgent 

On XP and Server 2003, log files are located here: 

C:\Documents and Settings\All Users\Application Data\Qualys\QualysAgent 
Have custom variables? No worries, we'll install the agents following the 
environment settings defined for your hosts. 


Linux Agent, BSD Agent, Unix Agent, MacOS Agent 


/etc/init.d/qualys-cloud-agent 

/etc/rc.d //BSD 

/etc/qualys/cloud-agent/qagent-log.conf 
/var/log/qualys/qualys-cloud-agent.log 
/var/opt/qualys/qualys-cloud-agent.log //Unix 
/usr/local/qualys/cloud-agent/* //Linux/BSD, Unix 
/Applications/QualysCloudAgent.app/* //MacOS 


Still need help? Click Read our troubleshooting tips (under Help > Online Help). 
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Appendix 


End-of-Service Cloud Agent Versions 


Please see the table below for the cloud agent versions that are no longer supported. 


Platform End-of-Service Agent Version 
Windows Prior to 3.0 
Linux Prior to 2.6 
IBM AIX Prior to 2.0 
MacOS Prior to 2.0 


How to find agents that are no longer supported? 
There are a few ways to find your agents from the Qualys Cloud Platform. 
- QID 105961 EOL/Obsolete Software: Qualys Cloud Agent Detected 

- Search by Agent Version 

- Search by Software Lifecycle Stage 

- Use Cloud Agent Dashboard 


QID 105961 EOL/Obsolete Software: Qualys Cloud Agent Detected 
VULNSIGS-2.5.117-2 


ML-12.2.62-1 


Note: There are no vulnerabilities. This is simply an EOL QID. By default, all EOL QIDs are 
posted as a severity 5 
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How to find agents that are no longer supported? 


Search by Agent Version 


For example, you can find agents by the agent version number by navigating to Cloud 
Agent > Agent Management > Agents and using the following search query: 


agentVersion<2.1* 


CloudAgent v EI Help» | Spem 


Dashboard Agent Management 


GA Agent Management Agents Activation Keys Configuration Profiles 


Saved Searches ~ 


save = 
agentVersion<2.1* @ Search 
| v| [insta New Agent 
Agent Host os Version Last Activity v Last Checked In Configuration Agent Modules 
E| @ Ubuntu Linux ... 1.7.1.37 VM Manifest Downloaded a minute ago Default Profile 


a minute ago 


Search by Software Lifecycle Stage 


For example, you can find agents by the software name and lifecycle stage by navigating 
to Global IT Asset Inventory > Inventory > Software and using the following search query: 


Software: ((name:Qualys) and lifecycle.stage: ‘EOL/EOS’ ) 


Global IT Asset Inventory HOME DASHBOARD INVENTORY TAGS 


Managed Ma N Software 


software: ((name:Qualys) and lifecycle. stage: ‘EOL/EOS*) 


Last30 Days v 


3 TOP SOFTWARE CATEGORIES TOP SOFTWARE PUBLISHERS 
Security Qualys 
LICENSE Group Software by... ¥ | | Type: Application v 1-10f1 
Commercial 3 
LIFECYCLE Qualys Cloud Agent Security Commercial EOL/EOS 3 
EOL/EOS 3 1.1.0 Endpoint Management and Security Free 
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Use Cloud Agent Dashboard 
Go to Dashboard and you'll see widgets that show distribution by platform. 


Cloud Agent {v SI Help w Spencer Brown w Log out 


Dashboard Agent Management 


ee pren gere os 5 
5 
0 — = 


ccde9afc-0efd-4ac6-ae65-453631... 94813ab1-efb1-446e-ba91-20f725... 3b8d2bb2-c2d3-4738-8682-7a099... aaba8708-a86b-4cf5-82dd-93028... 


Refresh All 


alı] WINDOWS VERSION DISTRIBU... aly} LINUX VERSION DISTRIBUTION aly} MAC VERSION DISTRIBUTION JJ BSD VERSION DISTRIBUTION 


3 


400414 31543 2.1.1.34 3.0.0.101 26.0.88 UTA 2.4.0.74 2.4.0.72 


alı] OVERALL VERSION DISTRIBUTION 
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What action do | need to take? 


Upgrade your deployed agents 


Upgrade your cloud agents to the latest version. See instructions for upgrading cloud 
agents in the following installation guides: Windows | Linux | AIX/Unix | MacOS | BSD 


Tip - All Cloud Agent documentation, including installation guides, online help and 
release notes, can be found at qualys.com/documentation. 


Install the latest version for future deployments 


You'll want to download and install the latest agent versions from the Cloud Agent UI. 
Please refer Cloud Agent Platform Availability Matrix for details. 


A few things to know before you install agents 


Give your key a name and add tags to easily find agents installed using this key. We'll associate the tags to the agent 
hosts. 


Activation Key e ete o 


Key Type Unlimited key 


Total Count in use 5 


Installation Requirements 


NE Windows Microsoft Windows Client GEE EE) 
ME (exe) a Microsoft Windows Server Install instructions 


Red Hat Enterprise Linux 
CentOS 
Fedora 


OpenSUSE Install instructions 


SUSE Enterprise Linux 
Amazon Linux 
Oracle Enterprise Linux 


Red Hat Enterprise Linux 


CentOS Install instructions 


Amazon Linux 

Debian /_ rr: 
Ubuntu Install instructions 
Debian ——— 
Ubuntu Install instructions 
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Best Practices for Agent Binary Upgrade 
1) We recommend customers use the auto upgrade feature, or upgrade agents quarterly: 


- Best: Enable auto upgrade in the agent Configuration Profile. This method is used by 
~80% of customers today. This is the best method to quickly take advantage of Qualys’ 
latest agent features. 


- Better: Certify and upgrade agents via a third-party software package manager on a 
quarterly basis. 


- Good: Upgrade agents via a third-party software package manager on an as-needed 
basis. 


2) Qualys highly recommends that customers download and update their Gold Image 
builds quarterly, even if auto upgrade is enabled in the Configuration Profile. 


Why should | upgrade my agents to the latest version? 


Beyond routine bug fixes and performance improvements, upgraded agents offer 
additional features, including but not limited to: 


Cloud provider metadata - Attributes which describe assets and the environment in the 
Public Cloud (AWS, Azure, GCP, etc.) 


Enhanced Java detections — Discover Java in non-standard locations 


Middleware auto discovery - Automatically discover middleware technologies for Policy 
Compliance 


Support for other modules - Patch Management, Endpoint Detection and Response, File 
Integrity Monitoring, Security Analytics 


ARM support - ARM architecture support for Linux 
User Defined Controls — Create custom controls for Policy Compliance 


On Demand Scan - Force agent to start collection for Vulnerability Management, Policy 
Compliance, etc. 


Multiple proxy support - Set secondary proxy configuration 


Unauthenticated Merge - Merge unauthenticated scans with agent collections 
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